Malicious files on sites identified to date have, however, been .jpg, .gif, .css, .htm or .js files, rather than .ani files. This means that filtering out files with specific extensions at the internet gateway does not offer protection. US-CERT has, however, compiled information on the basis of which it is possible to generate signatures for an intrusion prevention or detection system.
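Because the extension says nothing about the content, a gateway or scanner has to classify a download by its bytes. The following is an added example, not taken from the article or from US-CERT's material: it recognises the animated cursor format by its RIFF/ACON container header and checks that every `anih` header chunk declares the 36-byte size the format specifies. The function names are hypothetical and the sample files are constructed.

```python
import struct

ANIH_SIZE = 36  # size of the ANIHEADER structure in a well-formed animated cursor

def is_ani(data: bytes) -> bool:
    """True if the content is a RIFF container of form type ACON (animated cursor)."""
    return len(data) >= 12 and data[:4] == b"RIFF" and data[8:12] == b"ACON"

def anih_sizes(data: bytes) -> list:
    """Walk the top-level RIFF chunks; return the declared size of each 'anih' chunk."""
    sizes, pos = [], 12
    while pos + 8 <= len(data):
        tag, size = struct.unpack_from("<4sI", data, pos)
        if tag == b"anih":
            sizes.append(size)
        pos += 8 + size + (size & 1)  # chunk bodies are padded to an even length
    return sizes

def inspect(name: str, data: bytes) -> str:
    """Classify a download by content, ignoring what its extension claims."""
    if not is_ani(data):
        return "not-ani"
    if any(size != ANIH_SIZE for size in anih_sizes(data)):
        return "ani-malformed-header"   # structural anomaly: block and alert
    if not name.lower().endswith(".ani"):
        return "ani-disguised"          # cursor content behind another extension
    return "ani"

# --- constructed sample data (not real captures) ---
def _chunk(tag: bytes, body: bytes) -> bytes:
    return tag + struct.pack("<I", len(body)) + body + (b"\0" if len(body) & 1 else b"")

def _riff(form: bytes, *chunks: bytes) -> bytes:
    body = form + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body

SAMPLE_ANI = _riff(b"ACON", _chunk(b"anih", bytes(36)))
SAMPLE_BAD = _riff(b"ACON", _chunk(b"anih", bytes(40)))
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + bytes(16)

if __name__ == "__main__":
    for name, data in [("cursor.ani", SAMPLE_ANI), ("banner.jpg", SAMPLE_ANI),
                       ("style.css", SAMPLE_BAD), ("photo.jpg", SAMPLE_JPEG)]:
        print(f"{name:12} -> {inspect(name, data)}")
```
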

According to Microsoft, frequently updating virus signatures should help detect new versions of the malware. According to Andreas Marx from av-test.org, virus scanner detection rates over the weekend were fair to middling at best.

In its announcement of the forthcoming patch, Microsoft mentions that the company has been working on an update since December and that this has already been extensively tested, so that nothing should stand in the way of early release. Users who have installed the unofficial patches from eEye or ZERT should uninstall these patches before installing the update.

The timing of the early update announcement (April 1st) was unfortunate. Wagging tongues are claiming that it is the Redmond company's idea of an April fool. Because of the seriousness of the vulnerability, however, it is not something about which Microsoft can afford to joke - business users are unlikely to see the funny side.